Implementing the No Surprises Act: Updated Complaint Data
By Nadia Stovicek and Jack Hoadley
Three years after implementation, the No Surprises Act (NSA) has provided comprehensive protections from the most prevalent forms of surprise medical billing. This law protects consumers from unexpectedly high out-of-network costs and establishes a framework for the reimbursement rate that providers can charge and carriers expect to pay.
Three sources of information can help us evaluate the law’s success: the NSA compliance and enforcement reports, the first published audit of a carrier’s adherence to the reimbursement rate, and federal market conduct examination reports. The Centers for Medicare & Medicaid Services (CMS) is one of the agencies responsible for NSA enforcement and has been tracking issues with NSA compliance since 2023. The most recent quarterly complaint update came out in November 2024 and includes a high-level summary of NSA-related complaints from consumers, providers, payors, and others—along with some non-NSA complaints relating to the Affordable Care Act or mental health parity. The NSA also requires audits of plans’ qualifying payment amounts (QPAs) defined as the median in-network rate. CMS, through the Center for Consumer Information and Insurance Oversight (CCIIO), released a report in the spring on its first audit of QPA calculations by the carrier Aetna Health Inc. of Texas for its out-of-network air ambulance services. CMS also conducted federal market conduct reviews of complaints of certain insurers related to NSA compliance process issues.
The updated complaints data report, QPA audit, and federal market reviews show that compliance with NSA is working overall, even if room for improvement still exists.
Background on the NSA
The NSA protects consumers from balance billing by out-of-network providers and facilities in emergency, air ambulance, and in-network hospital settings, and it establishes a process to resolve payment disputes in these situations. When providers challenge payors’ initial payments as insufficient, the NSA first requires open negotiations between the parties and then allows binding arbitration, known as an independent dispute resolution (IDR). In IDR, an independent dispute resolution entity selects between the payment amounts offered by each party. As part of IDR, Congress assigned a market-driven rate, the QPA, as a key criterion in the process, rather than a government-set rate or the provider’s billed charges. This process is meant to contain spending and, ultimately, premiums.
While consumers are already seeing savings, process and legalchallenges have hampered smooth implementation of IDR procedures, stalling the law’s objective of protecting consumers in a way that contains costs.
Complaint data continue to show the NSA’s effectiveness, but more information is needed
Compared to the total numbers of claims for NSA-eligible out-of-network services, relatively few complaints have been filed. In the first 34 months since implementation, CMS reported only an estimated 14,576 complaints specifically related to NSA compliance. For comparison, two trade groups representing insurers estimate that one million claims are submitted each month for care protected by the NSA. This low complaint volume could indicate that the NSA is protecting patients from the vast majority of balance bills.
Similar to previous trends, most complaints concern provider behavior. According to the CMS data, 82 percent of NSA compliance complaints were filed against providers, facilities, and air ambulance entities. About 40 percent of these provider-based complaints arise from surprise billing for a non-emergency out-of-network service at an in-network facility. We interpret these complaints as allegations that providers sent balance bills prohibited by the NSA. Another 25 percent of the provider-based complaints are similar complaints with regard to emergency services. Notably, of the total closed complaints (against either providers or plans) where a determination was made about whether a violation occurred, violations were identified for about one in five complaints.
The report also notes that these violations led to more than $11 million in “monetary relief” since 2022. Ultimately, this monetary relief means that providers who incorrectly balanced billed refunded the money they charged their patients. CCIIO also instructs the providers in these situations to review past cases and rectify any more instances of illegal balance bills.
Another takeaway from the November 2024 complaint data report is that far fewer complaints were filed against payors. These fewer complaints may be skewed by regulatory authority, as CMS jurisdiction includes only non-federal governmental plans – such as state or local employee health plans, and insurers – while self-funded plans fall under Department of Labor (DOL) jurisdiction, and fully insured commercial plans typically fall under state jurisdiction. The most common complaints against payors—likely from providers—allege non-compliance with QPA requirements. More than 60 percent of the complaints directed at plans addressed late payments after an IDR determination, a major source of frustration among providers, compared to just one-fourth from the first report.
Complaint data support prior research suggesting the NSA is protecting consumers from surprise medical bills
The latest data from CMS bolster findings from a Georgetown and Urban Institute report examining the effectiveness of federal protections against balance billing, particularly in protecting consumers from balance billing and taking consumers “out of the middle” of payment disputes between providers and insurers. That said, stakeholders generally cautioned against declaring complete victory over surprise balance bills simply because of a low number of complaints. In interviews for that report, some stakeholders suggested the low volume of consumer complaints may partially reflect either a lack of public awareness about the NSA or consumers’ lack of health coverage literacy, particularly regarding cost-sharing obligations.
Federal regulators are also reviewing QPA calculations and other process measures
The first audit of a carrier’s compliance with QPA requirements, released in July 2024, provides a modest understanding of how QPA compliance could be affecting cost containment goals. While more audits are under way and will provide more complete insights on industry trends, some initial takeaways exist. When conducting the audit, CCIIO found three issues with Aetna:
1. Incorrect calculation of the QPA.
2. Failure to disclose to providers that they may initiate the IDR process within four days after the open negotiation period.
3. Failure to provide the QPA in conjunction with an initial payment or notice of denial of payment.
The latter two issues focus mostly on process errors, but the first might be a more substantial concern about the accuracy of QPAs with potential implications for increasing health care costs and premiums. Still, the audit showed that Aetna incorrectly calculated the QPA five times, which is only two percent of cases. In each circumstance, Aetna took corrective actions. While this is still something to be taken seriously, overall Aetna is adhering to the QPA guidelines.
In addition to auditing, CMS conducts federal market conduct examination reports based on some of the complaints submitted by affected parties. One of the provisions they review is enforcement of the NSA. Out of the eight reports posted in 2024, five of them relate to NSA violations. These violations are largely based on the failure of the insurance company to provide the initial payment or notice of denial of payment for an NSA-protected claim within the allotted timeframe, or failure to share QPA disclosures. The corrective action that CMS imposes is not overly burdensome because these are mainly process violations.
Looking forward
Collectively, these reports offer evidence that CMS is committed to successful implementation of the NSA. Although the low number of cases and violations points to reasonably good compliance with the law, it would be useful to have a more detailed breakdown to see which types of complaints were most likely to involve underlying violations and other patterns of noncompliance. The CMS complaint reports also lack more detailed information on the source, timing, and resolution of NSA complaints, as well as information about grievances referred to other agencies – such as states, the Office of Personnel Management, or DOL – with jurisdiction over different types of plans.
Most experts recognize that it is simply too early to understand the full impact of the NSA on provider prices, provider networks, overall health costs, and premiums. Ongoing provider-driven litigation over the IDR process and calculation of the QPA has led to several pauses by the federal agencies in accepting new IDR cases and adjudicating cases in the pipeline, as well as changes to the rules under which IDR operates. As a result, we have an incomplete picture of IDR decision-making. The federal government has faced challenges in responding to numerous legal actions, and court decisions have required significant technical changes to the underlying IDR processes. A recent proposed rule lays out various process-related improvements, but this rule has yet been finalized. Finalizing this rule could play an important role in helping the IDR process run more smoothly.
The NSA is a landmark law that holds substantial promise for driving down costs and protecting consumers. While the CMS reports on complaint data support the general notion that the NSA is preventing unfair balance billing, the significant amount of IDR activity and the ongoing litigation should not distract from the law’s original cost containment goals. The release of more data, including ongoing complaint data, more audits, and granular data related to IDR outcomes, would help policymakers assess the impact of the NSA and whether further action to protect consumers and reduce system costs will be needed.
